public interface GroupPermissionEvaluator

Version:: $Revision: 1 $
Author:: Bill Burke

Method Summary

Modifier and Type

Method

Description

boolean

canList()

Returns true if the caller has at least one of AdminRoles.QUERY_GROUPS, AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.

boolean

canManage()

Returns true if the caller has AdminRoles.MANAGE_USERS role.

boolean

canManage(GroupModel group)

Returns true if the caller has AdminRoles.MANAGE_USERS role.

boolean

canManageMembers(GroupModel group)

Returns true if the caller has AdminRoles.MANAGE_USERS role.

boolean

canManageMembership(GroupModel group)

Returns true if the caller has AdminRoles.MANAGE_USERS role.

boolean

canView()

Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.

boolean

canView(GroupModel group)

Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.

boolean

canViewMembers(GroupModel group)

Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.

Map<String,Boolean>

getAccess(GroupModel group)

Returns Map with information what access the caller for the provided group has.

Set<String>

getGroupIdsWithViewPermission()

If UserPermissionEvaluator.canView() evaluates to true, returns empty set.

void

requireList()

Throws ForbiddenException if canList() returns false.

void

requireManage()

Throws ForbiddenException if canManage() returns false.

void

requireManage(GroupModel group)

Throws ForbiddenException if canManage(GroupModel) returns false.

void

requireManageMembers(GroupModel group)

Throws ForbiddenException if canManageMembership(GroupModel) returns false.

void

requireManageMembership(GroupModel group)

Throws ForbiddenException if canManageMembership(GroupModel) returns false.

void

requireView()

Throws ForbiddenException if canView() returns false.

void

requireView(GroupModel group)

Throws ForbiddenException if canView(GroupModel) returns false.

void

requireViewMembers(GroupModel group)

Throws ForbiddenException if canViewMembers(GroupModel) returns false.

Method Details
- canList
  
  boolean canList()
  
  Returns true if the caller has at least one of AdminRoles.QUERY_GROUPS, AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.
  For V2 only: Also if it has a permission to AdminPermissionsSchema.VIEW or AdminPermissionsSchema.MANAGE groups.
- requireList
  
  void requireList()
  
  Throws ForbiddenException if canList() returns false.
- canManage
  
  boolean canManage(GroupModel group)
  
  Returns true if the caller has AdminRoles.MANAGE_USERS role.
  Or if it has a permission to AdminPermissionsSchema.MANAGE the group.
- requireManage
  
  void requireManage(GroupModel group)
  
  Throws ForbiddenException if canManage(GroupModel) returns false.
- canView
  
  boolean canView(GroupModel group)
  
  Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.
  Or if it has a permission to AdminPermissionsSchema.VIEW the group.
- requireView
  
  void requireView(GroupModel group)
  
  Throws ForbiddenException if canView(GroupModel) returns false.
- canManage
  
  boolean canManage()
  
  Returns true if the caller has AdminRoles.MANAGE_USERS role.
  For V2 only: Also if it has permission to AdminPermissionsSchema.MANAGE groups.
- requireManage
  
  void requireManage()
  
  Throws ForbiddenException if canManage() returns false.
- canView
  
  boolean canView()
  
  Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.
  Or if it has a permission to AdminPermissionsSchema.VIEW groups.
- requireView
  
  void requireView()
  
  Throws ForbiddenException if canView() returns false.
- requireViewMembers
  
  void requireViewMembers(GroupModel group)
  
  Throws ForbiddenException if canViewMembers(GroupModel) returns false.
- canManageMembers
  
  boolean canManageMembers(GroupModel group)
  
  Returns true if the caller has AdminRoles.MANAGE_USERS role.
  Or if it has a permission to AdminPermissionsSchema.MANAGE_MEMBERS of the group.
- canManageMembership
  
  boolean canManageMembership(GroupModel group)
  
  Returns true if the caller has AdminRoles.MANAGE_USERS role.
  Or if it has a permission to AdminPermissionsSchema.MANAGE_MEMBERSHIP of the group.
- canViewMembers
  
  boolean canViewMembers(GroupModel group)
  
  Returns true if the caller has one of AdminRoles.MANAGE_USERS or AdminRoles.VIEW_USERS roles.
  Or if it has a permission to AdminPermissionsSchema.VIEW_MEMBERS of the group.
- requireManageMembership
  
  void requireManageMembership(GroupModel group)
  
  Throws ForbiddenException if canManageMembership(GroupModel) returns false.
- requireManageMembers
  
  void requireManageMembers(GroupModel group)
  
  Throws ForbiddenException if canManageMembership(GroupModel) returns false.
- getAccess
  
  Map<String,Boolean> getAccess(GroupModel group)
  
  Returns Map with information what access the caller for the provided group has.
- getGroupIdsWithViewPermission
  
  Set<String> getGroupIdsWithViewPermission()
  
  If UserPermissionEvaluator.canView() evaluates to true, returns empty set.
  
  Returns:
  
  Stream of IDs of groups with view permission.

Interface GroupPermissionEvaluator

Method Summary

Method Details

canList

requireList

canManage

requireManage

canView

requireView

canManage

requireManage

canView

requireView

requireViewMembers

canManageMembers

canManageMembership

canViewMembers

requireManageMembership

requireManageMembers

getAccess

getGroupIdsWithViewPermission